1
00:00:00,240 --> 00:00:04,686
Now that we've combined key based
authentication and HTTP cookies to
2
00:00:04,686 --> 00:00:09,433
implement user authentication,
let's take a look at the authentication
3
00:00:09,433 --> 00:00:14,652
process one more time, this time with
ASP.NET Identity specifically in mind.
4
00:00:14,652 --> 00:00:20,320
ASP.NET Identity sits between your web
app and the client, the user's browser.
5
00:00:20,320 --> 00:00:24,410
This allows identity to
inspect each incoming request.
6
00:00:24,410 --> 00:00:28,540
Identity starts by looking for
an authentication cookie and
7
00:00:28,540 --> 00:00:33,040
if it doesn't find one it'll redirect
the user to the sign-in page.
8
00:00:33,040 --> 00:00:36,980
Using a form on the sign-in page,
the user posts their user name and
9
00:00:36,980 --> 00:00:38,820
password to the server.
10
00:00:38,820 --> 00:00:42,850
An MVC controller in your web
app handles the request and
11
00:00:42,850 --> 00:00:47,830
uses identity to verify
the provided username and password.
12
00:00:47,830 --> 00:00:52,960
If the login is successful,
identity is then used to sign in the user.
13
00:00:52,960 --> 00:00:58,320
Signing in the user causes identity to
create an authentication cookie containing
14
00:00:58,320 --> 00:01:03,780
information about the user and attaches it
to the response returned to the client.
15
00:01:03,780 --> 00:01:08,140
The user information stored in the cookie
is encrypted in order to keep it safe.
16
00:01:09,240 --> 00:01:11,700
After receiving the authentication cookie,
17
00:01:11,700 --> 00:01:16,320
the browser will include the cookie in
every subsequent request to the server.
18
00:01:16,320 --> 00:01:20,540
This time, when Identity inspects
the incoming request looking for
19
00:01:20,540 --> 00:01:23,660
an authentication cookie, it'll find one.
20
00:01:23,660 --> 00:01:27,300
The user information stored in
the cookie is then decrypted and
21
00:01:27,300 --> 00:01:28,980
added to the request.
22
00:01:28,980 --> 00:01:33,510
This makes the user information available
to the rest of the code that will run
23
00:01:33,510 --> 00:01:38,360
as part of processing the request and
preparing the response to the client.
24
00:01:38,360 --> 00:01:41,840
Because all of the identity
information is kept in the cookie,
25
00:01:41,840 --> 00:01:46,230
the server doesn't need to keep track
of the users who are authenticated.
26
00:01:46,230 --> 00:01:48,990
The presence of
the authentication cookie alone
27
00:01:48,990 --> 00:01:51,910
is what determines if a user
is signed in to our web app.
28
00:01:53,170 --> 00:01:57,785
In order to process incoming requests and
modify outgoing responses from your
29
00:01:57,785 --> 00:02:03,035
ASP.NET web app, identity provides
a set of OWIN middleware components.
30
00:02:03,035 --> 00:02:07,840
ASP.NET applications are built
to run on a web server.
31
00:02:07,840 --> 00:02:11,260
A web server is a special
type of application.
32
00:02:11,260 --> 00:02:15,460
Web servers listen for
HTTP requests and host websites and
33
00:02:15,460 --> 00:02:21,560
web apps which are used to process
requests and prepare HTTP responses.
34
00:02:21,560 --> 00:02:26,010
Microsoft's Internet Information Services,
or IIS,
35
00:02:26,010 --> 00:02:31,208
is a commonly used web server for
hosting ASP.NET applications.
36
00:02:31,208 --> 00:02:36,280
OWIN is the Open Web Interface for .NET.
37
00:02:36,280 --> 00:02:43,080
OWIN represents a web server as two
separate concepts, a host and a server.
38
00:02:43,080 --> 00:02:46,930
The host manages the startup of your
web apps which includes selecting and
39
00:02:46,930 --> 00:02:48,510
starting the server.
40
00:02:48,510 --> 00:02:51,889
Once started, the server listens for
HTTP requests.
41
00:02:52,900 --> 00:02:56,940
When you write code for OWIN,
you write components called middleware.
42
00:02:56,940 --> 00:03:01,200
These are components that sit in
the middle between the server and
43
00:03:01,200 --> 00:03:02,580
your web app.
44
00:03:02,580 --> 00:03:07,390
A series of middleware components
are combined to form a request pipeline.
45
00:03:07,390 --> 00:03:12,608
When the server receives an HTTP request
it passes it through the request pipeline.
46
00:03:12,608 --> 00:03:19,170
Each incoming HTTP request passes through
each of the middleware components in
47
00:03:19,170 --> 00:03:23,958
the pipeline in the order that they were
configured, before reaching the web app.
48
00:03:23,958 --> 00:03:28,730
After the web app has processed
the request and created a response,
49
00:03:28,730 --> 00:03:32,830
the response then passes back through
the pipeline in the reverse order.
50
00:03:34,100 --> 00:03:37,830
If the middleware component is
able to fully process a request
51
00:03:37,830 --> 00:03:39,850
it can immediately return a response,
52
00:03:39,850 --> 00:03:43,365
short circuiting the remaining
middleware components and the web app.
53
00:03:44,410 --> 00:03:48,730
When using OWIN, your code interacts
with only the OWIN host and
54
00:03:48,730 --> 00:03:54,220
server abstractions instead of interacting
directly with the underlying web server.
55
00:03:54,220 --> 00:03:58,940
This approach decouples your code from
the specific web server that you use for
56
00:03:58,940 --> 00:04:01,280
development, testing and production.
57
00:04:02,420 --> 00:04:06,780
While it's possible for an entire web
application to be written using nothing
58
00:04:06,780 --> 00:04:12,690
but OWIN middleware components, this isn't
the approach that ASP.NET Identity takes.
59
00:04:12,690 --> 00:04:18,570
As mentioned earlier, ASP.NET Identity
sits between your web app and the client.
60
00:04:18,570 --> 00:04:23,510
To make this possible, identity leverages
OWIN middleware components to inspect
61
00:04:23,510 --> 00:04:28,100
each incoming request and
to modify requests and responses as needed.
62
00:04:29,470 --> 00:04:35,142
By using OWIN middleware, identity is also
able to work with multiple frameworks including
63
00:04:35,142 --> 00:04:43,100
ASP.NET MVC and Web API while supporting
any OWIN-compliant host including IIS,
64
00:04:43,100 --> 00:04:47,800
Microsoft's Azure Cloud Computing
platform and self-hosting scenarios.
65
00:04:49,110 --> 00:04:53,050
Don't worry if you find any of
this information confusing.
66
00:04:53,050 --> 00:04:57,170
The important thing to remember is
that OWIN middleware components
67
00:04:57,170 --> 00:05:01,880
are used to process incoming requests
before they reach your web app.
68
00:05:01,880 --> 00:05:06,503
And they're able to modify the responses
that are created by your web app before
69
00:05:06,503 --> 00:05:08,508
they're sent back to the client.
70
00:05:08,508 --> 00:05:12,383
We'll continue to revisit each of
the key user authentication concepts and
71
00:05:12,383 --> 00:05:15,630
components throughout
the remainder of this course.
72
00:05:15,630 --> 00:05:20,400
So don't worry if you feel overwhelmed or
confused, you've got this.
73
00:05:21,480 --> 00:05:24,350
In the next step,
let's review the Visual Studio solution
74
00:05:24,350 --> 00:05:27,000
that we'll be working with throughout
the remainder of this course.